
The Exploitation of Flash


Adobe Flash: some people love it, some people hate it, but it is hard to avoid. Some websites are built almost entirely around Flash and are unusable if you don't have the plug-in installed in your browser. All those ads you see when you go to a website, especially the animated ones? Flash. Streaming video? Frequently Flash.

The use of Flash is declining as it is replaced by HTML5. In fact, YouTube recently announced that they have finished their conversion and are no longer using Flash at all. For now, however, it is still difficult to make it through a day without running into a website that uses Flash.

Therein lies the problem. Flash, along with Java, is one of the most prevalent ways that malware can be introduced onto your computer. 2015 has just begun, but we have already seen exploits for three separate zero-day vulnerabilities. Combine that with unsavory elements selling exploit kits on the darknet, and the result is danger for all Internet users, business or consumer.

What is a zero-day vulnerability? A zero-day is simply a security hole or vulnerability in a piece of software that is unknown to the developer of the software, and is therefore unpatched. Hackers discover the vulnerability and exploit it to deliver malware to a user's computer before the developer discovers the hole and releases a patch. These vulnerabilities can allow hackers to steal data or to install keystroke loggers or even crypto-style ransomware.

According to Malwarebytes, the latest attacks are impacting users via ads on sites such as dailymotion.com, theblaze.com, nydailynews.com, tagged.com, webmail.earthlink.net, and others.

Security companies spend a great deal of time searching for these vulnerabilities so they can notify the software developers before hackers can find them and develop exploits. Unfortunately, this is not always successful.

So how do you protect yourself? Your choice of browser can make a difference: Google Chrome tends to withstand these types of exploits better than most other browsers. Flash-blocking browser plugins can be installed to block Flash on all but the websites that the user designates as trusted. It is important to install any Flash security patch as soon as it is released, which requires a great deal of vigilance. Flash can also be completely uninstalled. This is obviously the most secure solution, but it can cause trouble for a business that relies on websites or tools that use Flash.

Flash isn't the only thing to worry about, either. Java is another prevalent source of zero-day exploits, but truly any software on your computer, including the operating system itself, can have undiscovered vulnerabilities waiting to be exploited. It is important, then, that your IT staff or contract IT company stays on top of these patches to help prevent your business from being attacked. Another possibility is a fully managed Hosted Desktop solution. The providers of these solutions have a vested interest in keeping their networks clear of such vulnerabilities, and they have the staff to monitor the network, install patches as they are released, and keep their customers in the know as vulnerabilities are announced.

This type of all-in-one Desktop and IT as a service solution may be your best option to ensure that your company has the resources to protect itself from these exploits.

For more information on the current Flash issues, please read this article at Ars Technica, which was used as a resource for this post.

Allied Communication is dedicated to helping our customers make the most of their Voice and Data Communications through secure Cloud-Based solutions.
